garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:wpscanteam/wpscan

Browse Source
This commit is contained in:
erwanlr
2013-08-09 15:25:17 +02:00
parent 94ee5e15ac 678184e24b
commit 57d0af562e
5 changed files with 15 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/plugin_vulns.xml
View File

@@ -1529,9 +1529,10 @@
<fixed_in>3.5.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security v3.4.3</title>
<title>Better WP Security v3.4.3 Multiple XSS</title>
<reference>http://seclists.org/bugtraq/2012/Oct/9</reference>
<type>XSS</type>
<fixed_in>3.4.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security &lt;= 3.2.4 Cross Site Scripting</title>

27
lib/wpscan/web_site.rb
View File

@@ -26,36 +26,19 @@ class WebSite
end
def has_xml_rpc?
!xml_rpc_url.nil?
response = Browser.get_and_follow_location(xml_rpc_url)
response.body =~ %r{XML-RPC server accepts POST requests only}i
end
# See http://www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3
def xml_rpc_url
unless @xmlrpc_url
@xmlrpc_url = xml_rpc_url_from_headers() || xml_rpc_url_from_body()
@xmlrpc_url = @uri.merge('xmlrpc.php').to_s
end
@xmlrpc_url
end
def xml_rpc_url_from_headers
headers = Browser.get(@uri.to_s).headers_hash
xmlrpc_url = nil
unless headers.nil?
pingback_url = headers['X-Pingback']
unless pingback_url.nil? || pingback_url.empty?
xmlrpc_url = pingback_url
end
end
xmlrpc_url
end
def xml_rpc_url_from_body
body = Browser.get(@uri.to_s).body
body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
end
# See if the remote url returns 30x redirect
# This method is recursive
# Return a string with the redirection or nil
@@ -105,7 +88,7 @@ class WebSite
end
# Will try to find the rss url in the homepage
# Only the first one found iw returned
# Only the first one found is returned
def rss_url
homepage_body = Browser.get(@uri.to_s).body
homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]

3
lib/wpscan/wp_target.rb
View File

@@ -43,9 +43,8 @@ class WpTarget < WebSite
if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
wordpress = true
else
response = Browser.get_and_follow_location(xml_rpc_url)
if response.body =~ %r{XML-RPC server accepts POST requests only}i
if has_xml_rpc?
wordpress = true
else
response = Browser.get_and_follow_location(login_url)

2
spec/lib/common/models/wp_version/findable_spec.rb
View File

@@ -167,6 +167,8 @@ describe 'WpVersion::Findable' do
let(:version_xml) {}
after do
stub_request(:get, /#{uri.to_s}.*/).to_return(status: 0)
version = WpVersion.find(uri, wp_content_dir, wp_plugins_dir, version_xml)
version.should == @expected
if @expected

99
spec/lib/wpscan/web_site_spec.rb
View File

@@ -63,111 +63,22 @@ describe 'WebSite' do
end
end
describe '#xml_rpc_url_from_headers' do
context 'when the x-pingback is' do
context 'correctly supplied' do
it 'returns the url in the header : http://example.localhost/xmlrpc.php' do
xmlrpc = 'http://example.localhost/xmlrpc.php'
stub_request(:get, web_site.url).
to_return(status: 200, headers: { 'X-Pingback' => xmlrpc })
web_site.xml_rpc_url_from_headers.should === xmlrpc
end
end
context 'not supplied' do
it 'returns nil' do
stub_request(:get, web_site.url).to_return(status: 200)
web_site.xml_rpc_url_from_headers.should be_nil
end
context 'but there is another header field' do
it 'returns nil' do
stub_request(:get, web_site.url).
to_return(status:200, headers: { 'another-field' => 'which we do not care' })
web_site.xml_rpc_url_from_headers.should be_nil
end
end
end
context 'empty' do
it 'returns nil' do
stub_request(:get, web_site.url).
to_return(status: 200, headers: { 'X-Pingback' => '' })
web_site.xml_rpc_url_from_headers.should be_nil
end
end
end
end
describe '#xml_rpc_url_from_body' do
context 'when the pattern does not match' do
it 'returns nil' do
stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/xml_rpc_url/body_dont_match.html')
web_site.xml_rpc_url_from_body.should be_nil
end
end
context 'when the pattern match' do
it 'return the url' do
stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/xml_rpc_url/body_match.html')
web_site.xml_rpc_url_from_body.should == 'http://lamp/wordpress-3.5.1/xmlrpc.php'
end
end
end
describe '#xml_rpc_url' do
after :each do
web_site.xml_rpc_url.should === xmlrpc_url
end
context 'when found in the headers' do
let(:xmlrpc_url) { 'http://from-headers.localhost/xmlrpc.php' }
it 'returns the url' do
web_site.stub(xml_rpc_url_from_headers: xmlrpc_url)
end
end
context 'when found in the body' do
let(:xmlrpc_url) { 'http://from-body.localhost/xmlrpc.php' }
it 'returns the url' do
web_site.stub(
xml_rpc_url_from_headers: nil,
xml_rpc_url_from_body: xmlrpc_url
)
end
end
context 'when not found' do
let(:xmlrpc_url) { nil }
it 'returns nil' do
web_site.stub(
xml_rpc_url_from_headers: nil,
xml_rpc_url_from_body: nil
)
end
it 'returns the xmlrpc url' do
web_site.xml_rpc_url.should === "http://example.localhost/xmlrpc.php"
end
end
describe '#has_xml_rpc?' do
it 'returns true' do
stub_request(:get, web_site.url).
to_return(status: 200, headers: { 'X-Pingback' => 'xmlrpc' })
stub_request(:get, web_site.xml_rpc_url).
to_return(status: 200, body: "XML-RPC server accepts POST requests only")
web_site.should have_xml_rpc
end
it 'returns false' do
stub_request(:get, web_site.url).to_return(status: 200)
stub_request(:get, web_site.xml_rpc_url).to_return(status: 200)
web_site.should_not have_xml_rpc
end
end